Thursday, June 05, 2008 8:23 AM
cmosby
VMware Products Multiple Vulnerabilities - Secunia - 6/05/2008
VMware Products Multiple Vulnerabilities
Secunia Advisory: SA30556
Release Date: 2008-06-05
Critical: Less critical
Impact:
Security Bypass
Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS:
VMware ESX Server 2.x
VMware ESX Server 3.x
Software:
VMware ACE 1.x
VMware Player 1.x
VMware Server 1.x
VMware VIX API 1.x
VMware Workstation 5.x
CVE reference:
CVE-2007-5671
CVE-2008-0967
CVE-2008-2097
CVE-2008-2100
Description:
Some vulnerabilities have been reported in multiple VMware Products, which can be exploited by malicious, local users to bypass certain security restrictions or to gain escalated privileges.
1) An error exists in the "HGFS.sys" driver included in the VMware Tools package. This can be exploited to execute arbitrary code with escalated privileges on a Windows guest machine.
2) An error in "vmware-authd" can be exploited to gain escalated privileges on a Linux host machine.
For more information see vulnerability #3 in:
SA30476
3) An error within the processing of "Content-Length" headers in the Openwsman management service can be exploited to gain "root" privileges.
4) Multiple boundary errors in the VMware VIX API can be exploited to cause buffer overflows.
For more information see vulnerability #4 in:
SA30476
Please see vendor's advisory for a list of affected products and versions.
Solution:
Update to the latest version or apply patches.
VMware Workstation 5.x:
Update to version 5.5.7.
http://www.vmware.com/download/ws/ws5.html
VMware Player 1.x:
Update to version 1.0.7.
http://www.vmware.com/download/player/
VMware ACE 1.x:
Update to version 1.0.6.
http://www.vmware.com/download/ace/
VMware Server 1.x:
Update to version 1.0.6.
http://www.vmware.com/download/server/
VMware VIX 1.x:
Update to version 1.1.4.
http://www.vmware.com/support/developer/vix-api/
VMware ESXi 3.5:
Apply patch ESXe350-200805501-O-SG.
http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip
VMware ESX 3.5:
Apply patches.
http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip
http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip
http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip
VMware ESX 3.0.2:
Apply patches.
http://download3.vmware.com/software/vi/ESX-1004727.tgz
http://download3.vmware.com/software/vi/ESX-1004821.tgz
http://download3.vmware.com/software/vi/ESX-1004216.tgz
http://download3.vmware.com/software/vi/ESX-1004726.tgz
VMware ESX 3.0.1:
Apply patches.
http://download3.vmware.com/software/vi/ESX-1004186.tgz
http://download3.vmware.com/software/vi/ESX-1004728.tgz
http://download3.vmware.com/software/vi/ESX-1004725.tgz
VMware ESX 2.5.5:
Apply upgrade patch 8.
http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz
VMware ESX 2.5.4:
Apply upgrade patch 19.
http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz
Provided and/or discovered by:
1) The vendor credits Stephen Fewer of Harmony, reported via iDefense.
2) The vendor credits iDefense.
3) Alexander Sotirov, VMware Security Research
4) Reported by the vendor.
Original Advisory:
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
Other References:
SA30476:
http://secunia.com/advisories/30476/
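The fixed versions listed under Solution can be checked against a software inventory. The following is an added example, not part of the Secunia or VMware advisory; the inventory rows, host names, build string and status labels are constructed assumptions, and only the hosted products with version numbers are covered.

```python
# Fixed versions taken from the Solution section above (hosted products only;
# the ESX/ESXi fixes are patch bundles, not comparable version numbers).
FIXED = {
    "VMware Workstation": (5, 5, 7),
    "VMware Player": (1, 0, 7),
    "VMware ACE": (1, 0, 6),
    "VMware Server": (1, 0, 6),
    "VMware VIX": (1, 1, 4),
}

def parse_version(text):
    """'5.5.6 build-80404' -> (5, 5, 6); raises ValueError on anything else."""
    fields = text.split()
    parts = fields[0].split(".") if fields else [""]
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(product, version_text):
    """Classify one installed product against the advisory's fixed version."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "not-covered"
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unparseable"
    if installed[0] != fixed[0]:
        return "other-release-line"  # advisory lists only the 5.x / 1.x lines
    # Pad to equal length so "1.0" compares as 1.0.0; tuples compare
    # numerically, so 5.5.10 is correctly newer than 5.5.7.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return "patched" if installed >= fixed else "vulnerable"

# Constructed inventory rows: (host, product, reported version).
INVENTORY = [
    ("lab-ws01", "VMware Workstation", "5.5.6 build-80404"),
    ("lab-ws02", "VMware Workstation", "5.5.10"),
    ("build-03", "VMware Server", "1.0"),
    ("dev-04", "VMware Player", "unknown"),
]

def audit(inventory):
    """Return every row that is not confirmed patched, with its status."""
    results = [(h, p, v, assess(p, v)) for h, p, v in inventory]
    return [r for r in results if r[3] != "patched"]

if __name__ == "__main__":
    for host, product, version, status in audit(INVENTORY):
        print(f"{host}: {product} {version} -> {status}")
```

Rows reported as "unparseable" or "other-release-line" need manual review against the vendor's advisory rather than being treated as safe.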